Download | Plain Text | Line Numbers
--- a/vcdb.c 2011-02-28 18:00:45.000000000 +0100
+++ b/vcdb.c 2020-02-25 17:46:43.360186000 +0100
@@ -672,14 +672,14 @@
char Dir[156];
uid_t uid;
gid_t gid;
- char crypted[100];
+ char crypted[128];
if ( vget_assign(domain, Dir, 156, &uid, &gid ) == NULL ) {
strcpy(Dir, VPOPMAILDIR);
}
if ( pass[0] != 0 ) {
- mkpasswd3(pass,crypted, 100);
+ mkpasswd3(pass,crypted, sizeof(crypted));
} else {
crypted[0] = 0;
}
--- a/vldap.c 2020-02-25 17:49:48.775599000 +0100
+++ b/vldap.c 2020-02-25 17:49:30.139649000 +0100
@@ -490,7 +490,7 @@
int ret = 0, vd = 0;
int i,len;
char *b = NULL;
- char crypted[100] = { 0 };
+ char crypted[128] = { 0 };
if ((dir) && (*dir))
@@ -547,11 +547,11 @@
lm[0]->mod_values[0] = safe_strdup(user);
/* lm[1] will store : userPassword / pw_password */
- memset((char *)crypted, 0, 100);
+ memset((char *)crypted, 0, sizeof(crypted));
if ( password[0] == 0 ) {
crypted[0] = 0;
} else {
- mkpasswd3(password, crypted, 100);
+ mkpasswd3(password, crypted, sizeof(crypted));
}
lm[1]->mod_values[0] = (char *) safe_malloc(strlen(crypted) + 7 + 1);
--- a/vmoduser.c 2011-02-28 18:00:45.000000000 +0100
+++ b/vmoduser.c 2020-02-25 17:48:02.385359000 +0100
@@ -74,7 +74,7 @@
if ( Gecos[0] != 0 ) mypw->pw_gecos = Gecos;
if ( Dir[0] != 0 ) mypw->pw_dir = Dir;
if ( Passwd[0] != 0 ) {
- mkpasswd3(Passwd,Crypted, 100);
+ mkpasswd3(Passwd,Crypted, sizeof(Crypted));
mypw->pw_passwd = Crypted;
#ifdef CLEAR_PASS
mypw->pw_clear_passwd = Passwd;
@@ -100,7 +100,7 @@
if ( Gecos[0] != 0 ) mypw->pw_gecos = Gecos;
if ( Dir[0] != 0 ) mypw->pw_dir = Dir;
if ( Passwd[0] != 0 ) {
- mkpasswd3(Passwd,Crypted, 100);
+ mkpasswd3(Passwd,Crypted, sizeof(Crypted));
mypw->pw_passwd = Crypted;
#ifdef CLEAR_PASS
mypw->pw_clear_passwd = Passwd;
--- a/vmysql.c 2020-02-25 17:49:48.779876000 +0100
+++ b/vmysql.c 2020-02-25 17:48:49.386502000 +0100
@@ -376,7 +376,7 @@
gid_t gid;
char dirbuf[200];
char quota[30];
- char Crypted[100];
+ char Crypted[128];
int err;
if ( (err=vauth_open_update()) != 0 ) return(err);
@@ -410,7 +410,7 @@
}
if ( pass[0] != 0 ) {
- mkpasswd3(pass,Crypted, 100);
+ mkpasswd3(pass,Crypted, sizeof(Crypted));
} else {
Crypted[0] = 0;
}
--- a/voracle.pc 2011-02-28 18:00:45.000000000 +0100
+++ b/voracle.pc 2020-02-25 17:48:41.961576000 +0100
@@ -321,7 +321,7 @@
gid_t gid;
char dirbuf[200];
char quota[30];
- char Crypted[100];
+ char Crypted[128];
int err;
if ( (err=vauth_open_update()) != 0 ) return(err);
@@ -355,7 +355,7 @@
}
if ( pass[0] != 0 ) {
- mkpasswd3(pass,Crypted, 100);
+ mkpasswd3(pass,Crypted, sizeof(Crypted));
} else {
Crypted[0] = 0;
}
--- a/vpgsql.c 2020-02-25 17:49:48.782546000 +0100
+++ b/vpgsql.c 2020-02-25 17:48:33.426363000 +0100
@@ -208,7 +208,7 @@
gid_t gid;
char dirbuf[200];
char quota[30];
- char Crypted[100];
+ char Crypted[128];
int err;
PGresult *pgres;
@@ -245,7 +245,7 @@
}
if ( pass[0] != 0 ) {
- mkpasswd3(pass,Crypted, 100);
+ mkpasswd3(pass,Crypted, sizeof(Crypted));
} else {
Crypted[0] = 0;
}
--- a/vpopmail.c 2020-02-25 17:49:48.784496000 +0100
+++ b/vpopmail.c 2020-02-25 17:34:02.502868000 +0100
@@ -45,7 +45,7 @@
#include "storage.h"
#ifndef MD5_PASSWORDS
-#define MAX_PW_CLEAR_PASSWD 8
+//#define MAX_PW_CLEAR_PASSWD 8
#endif
#ifdef VPOPMAIL_DEBUG
@@ -820,7 +820,7 @@
int mkpasswd3( char *clearpass, char *crypted, int ssize )
{
char *tmpstr;
- char salt[12];
+ char salt[21];
static int seeded = 0;
if (!seeded) {
@@ -842,9 +842,28 @@
salt[10] = randltr();
salt[11] = 0;
#else
- salt[0] = randltr();
- salt[1] = randltr();
- salt[2] = 0;
+ // salt is 16 characters
+ salt[0] = '$';
+ salt[1] = '6';
+ salt[2] = '$';
+ salt[3] = randltr();
+ salt[4] = randltr();
+ salt[5] = randltr();
+ salt[6] = randltr();
+ salt[7] = randltr();
+ salt[8] = randltr();
+ salt[9] = randltr();
+ salt[10] = randltr();
+ salt[11] = randltr();
+ salt[12] = randltr();
+ salt[13] = randltr();
+ salt[14] = randltr();
+ salt[15] = randltr();
+ salt[16] = randltr();
+ salt[17] = randltr();
+ salt[18] = randltr();
+ salt[19] = '$';
+ salt[20] = 0;
#endif
tmpstr = crypt(clearpass,salt);
--- a/vpopmaild.c 2011-02-28 18:00:45.000000000 +0100
+++ b/vpopmaild.c 2020-02-25 17:38:24.578490000 +0100
@@ -555,7 +555,7 @@
int mod_user()
{
- char Crypted[64];
+ char Crypted[128];
char *email_address;
char *param;
char *value;